Email hacking to jail
October 21, 2003 5:29 PM
Hack an email account, go to jail. In what could be the first case of its type, a woman has been sentenced to 60 days of house arrest for obtaining the login and password of her husband's ex-wife and reading her mail. Probably the first of many such cases to come, these will be interesting to watch how the law is interpreted by the court (treat it as a wiretap violation or as computer hacking?).
It seems to me that this hinges on how she obtained the account info.
If she got it through deception then it's the same as if she broke into the woman's house and read the mail sitting on her kitchen counter.
If she got it because the woman left it sitting around or was foolish enough to tell her, it's akin to reading open mail you find on the street. That said, my inner geek tells me that anyone foolish enough not to secure email deserves whatever they get. I've found my ex-wife's email account info to be quite useful from time to time.
posted by cedar at 5:46 PM on October 21, 2003
I wonder where simply guessing the right password would fall in that, cedar?
posted by scarabic at 6:00 PM on October 21, 2003
actually, I would say that the security of everyday email is about the same as finding and reading open mail on the street -- very easy to do, as long as you have no specific target or direction.
email that is not encrypted is 100% not-secure, but for the very great obscurity factor: the chances of someone sniffing after your particular email and getting it are pretty slim (except if you run one of those big echelon/carnivore/tia/etc. database dealies...sweeps the sea clean, usw.) -- unless of course the actual wire to your machine gets compromised.
that ranted, the article said she "fraudulently obtained" the user access info...but lord knows if what they think that means and what it actually means, are the same thing. visions of sleazy PIs using keyloggers or various hotmail exploits dance in my head.
however she ended up with the username and password, it's what she did with that info that counts.
posted by dorian at 6:07 PM on October 21, 2003
If she got it because the woman left it sitting around or was foolish enough to tell her, it's akin to reading open mail you find on the street.
If you find a key to someone's house accidentally, it's still criminal trespass to use it to enter. If you have to type in a username and password that don't belong to you in order to read mail that also doesn't belong to you, it's at least ethically equivalent; though I don't know about legally. It's equivalent to opening someone's (USPS) mailbox, slitting open the envelopes and reading their mail -- which is a crime subject to very serious penalties indeed. This is not a matter of glancing at a screen on which someone left a mail message displayed, this is a deliberate act.
posted by George_Spiggott at 6:18 PM on October 21, 2003
I remember back in high school looking at the mbox of people on the school's UNIX box that had set it to be readable by people on the system. I didn't even need their password. Hmmm... maybe it's not a good idea to admit this.
posted by gyc at 6:29 PM on October 21, 2003
She got her just deserts. Morally, accessing someone else's email is the same as pulling letters out of someone's mailbox. See how many years you face for intercepting someone's United States Post. This is not a case about hacking or cracking, this is about invading someone's privacy.
posted by caddis at 6:55 PM on October 21, 2003
Now, about the actual thread at hand, it's interesting how when we try to figure out what's right and wrong about email usage, we must use analogies. New technology leads to uncharted ethical grounds, and then we have to compare the new ground to the ground we've covered in order to know where we stand. I wonder if we'll ever get the email ethics battened down enough to use it as analogical to technologies yet to be invented.
posted by orange swan at 7:50 PM on October 21, 2003
I hate to say it, but I agree with this decision. Hacking an email is an invasion of privacy so great that it should be considered a crime. It's simply a version of identity theft and/or unlawful search and seizure (I'd need a lawyer to really call out the kind of charges that could be levied.) Sixty days of house arrest is totally appropriate for this sort of offense - there is no need to fill the prisons with hackers (much less overly jealous spouses,) but there should be a penalty.
posted by elwoodwiles at 8:12 PM on October 21, 2003
House arrest with no internet access that is...
posted by orange swan at 8:15 PM on October 21, 2003
On topic, I'm tempted to agree with elwood. Privacy laws pertaining to snail mail aren't too different, nor identity-theft issues with credit cards. In any case, sounds like the woman is contrite and doesn't think she's somehow entitled to a free hack every now and then.
Officials said she fraudulently obtained the user name and password information for Ramsay's e-mail account.
I wonder how she went about this? Would the charges be different if she'd coded a script that actually sniffed the password, instead of simply guessing it, for example?
posted by dhoyt at 9:31 PM on October 21, 2003
side topic: Theft of snail mail.
Big penalties, but only if someone wishes to find the culprit and do something. I had a Christmas card stolen years ago, with a check. The check was cashed. No one really cared to do anything about it at all (ha, not even my aunt that sent the check).
On topic: How nice to enforce such a sense of privacy. Now if they would only enforce it equally against government snoops we might have something worth waving a flag at.
posted by Goofyy at 1:35 AM on October 22, 2003
i think the thing that is surprising here is that a judge is actually taking the internet seriously. which itself marks a big shift from say, 10 years ago.
posted by triv at 3:20 AM on October 22, 2003
I think using analogies to snail mail is the wrong way to think about this because of the inherent differences in the medium, although the fact that it's called e-mail makes this very tempting.
Looking at an email is not the same as stealing a letter; it's like the difference between stealing and committing copy infringement. Reading an email does not necessarily deprive another person from reading / using / enjoying the email. Rather, it is only an invasion of privacy.
There is also less physical proof of a particular individual committing the intrusion. In the best case, an investigator could pinpoint the actual computer that was used to commit the crime and without an admission of guilt the accused party could easily claim that someone else had been using the computer at the time or that their computer was hacked by parties unknown.
I also don't think that the idea that a computer intrusion is the same as a physical intrusion really stands up to sustained scrutiny. The possibility of physical harm to people and property is not present with a computer intrusion. And, it is possible that the accused's computer was used as a proxy by other culprits, whereas physical proof of a physical intrusion is much harder to fake.
posted by bshort at 6:03 AM on October 22, 2003
bshort - The point is not deprivation of communication, but invasion of private communication. Steal a letter from a mailbox, steam it open, read it and then reseal and replace it, go to jail for 5 years (well theoretically). 18 U.S.C. Section 1702
posted by caddis at 6:49 AM on October 22, 2003
I had an ex-boyfriend hack into my hotmail account, then call me on the phone and accuse me of all kinds of fun things, based on private emails that had been sent to close friends.
He even admitted to it.
You have no idea how much I wish this ruling had happened about a year ago. I would have relished having something of substance to shoot back at him.
posted by JamieStar at 7:19 AM on October 22, 2003
In the September of 1999, an exploit that allowed anyone to access another person's Hotmail account via the new passport system was posted to Slashdot.
Everyone I knew who caught that article early enough spent the day reading other people's e-mails before it was shut down, and hours later, was reported on by national news.
Back then it was all in good fun, mostly because all us nerds agreed that it was the risk you took for using a product of the evil Microsoft corporation.
posted by Stan Chin at 7:28 AM on October 22, 2003
caddis: actually, the law you cite seems to address both deprivation of communication as well as the invasion of privacy.
I would also offer that while this law helped the US to provide a system of federal mail, email is very different. Literally anyone can set up a mail server, no matter their level of incompetence, and start providing email delivery.
As a side note, until fairly recently it was illegal in the US to provide a delivery service that competed with the US Mail.
posted by bshort at 8:16 AM on October 22, 2003
I guess it's all fun and games until it happens to you. For those of you who have posted against this ruling perhaps you should experience this type of invasion firsthand. About eight months ago I discovered an ex-girlfriend was not only reading my e-mails, but distributing printed copies of my e-mails and other attached documents to other members of my community in an attempt to make me look bad. This material included some extremely sensitive and personal items. She twisted my words and tried to drive a wedge between me and a friend. Thankfully because everyone knew she was insane no one believed her spin. However, the damage was done because I basically felt naked in front of the world. Since then I am extremely paranoid about all my passwords; in fact I change all of them on a regular basis now. I'm glad this woman is being punished; frankly I think the sentence was too light.
posted by Bag Man at 1:04 PM on October 22, 2003
[shakes fist]
posted by scarabic at 5:32 PM on October 21, 2003